- Maintaining information security in a school district can be an arduous task due to the wide array of stakeholders involved — ranging from faculty and staff to students — and the lack of knowledge they may possess on the topic, according to EdTech: Focus on K-12.
- Lower pay can make it difficult for districts to attract skilled information security professionals, but district leaders can develop a long-term strategic vision that funds for training and development, includes state-of-the-art technology, and a provides a fulfilling work environment that appeals to mission-driven professionals.
- In addition to competing with the private sector via workplace training and professional development programs, districts can also empower information security team members through leadership by example, embrace learning from mistakes and provide open and transparent feedback.
On the cybersecurity front, many in K-12 could do well to look to their peers in higher education. While that sector still faces its fair share of information security challenges, most colleges and universities have the benefit of having more experience with these concerns than most K-12 schools and districts.
The most important lesson is that the end user is typically an organization's top cybersecurity threat. All it takes is one person falling prey to a malicious link or email attachment to compromise security. University of Dayton CIO Thomas Skill has worked to combat this with a campus-wide initiative that uses regular phishing tests; emails with updates, warnings and the latest security news; and incentives and prizes for people who complete certain actions. Such moves can be key in promoting greater cyber-awareness among students, faculty and staff.
This isn't something districts can afford to sleep on.
According to a September 2016 analysis of 20,000 organizations by security ratings firm BitSight, malware attacks against education outpaced attacks against those in government, healthcare, energy, retail and finance. Particularly popular are ransomware attacks, where hackers encrypt sensitive data and demand that schools or districts pay a ransom to regain control of the information.
Simply put, schools are a popular hacker target — and the attacks aren't lacking in success. South Carolina's Horry County Public Schools paid an $8,000 ransom to end an attack in June 2016 and, and research estimates last summer placed the total amount raked in by ransomware attacks over a two-year period around $25 million.